FR3076382A1 - SYSTEM AND METHOD FOR MANAGING PERSONAL DATA IN A MASS REASSEMBLY - Google Patents

Abstract

The invention relates to a personal electronic bracelet (40) for the management of personal data of a participant in a mass meeting comprising a communication module (41) able to receive personal data of the participant in encrypted form, a module of storage (42) capable of storing the encrypted personal data of the participant and an electronic locking mechanism (43) configured to change state following receipt of a state change data.

Description

The invention relates to the field of mass gathering management, and more particularly a device and a system for managing personal data which can be used to facilitate the management of participants in a mass gathering and allow the provision of services. personalized to these participants. The invention also relates to a method for managing personal data in a mass gathering capable in particular of improving the security of the gathering and the experience of the participant.

[PRIOR ART [0002] Large gatherings, also called mass events or mass gatherings, are characterized by a large number of people attending or participating in a common event, for example at a pilgrimage, a sports competition or a concert. With the increase in population, communication and the democratization of long distance transport, these large gatherings are more and more frequent and concern more and more numerous and diverse people.

The events likely to gather the greatest number of people are often pilgrimages such as Hajj which is the largest annual population gathering in the world, the Kumbh Mêla which is the largest gathering of Hindus in the world or still masses of the pope often gathering several million people. For the year 2011, the central statistics and information department of the Kingdom of Saudi Arabia has identified nearly 3 million pilgrims for Hajj. Thus, the Hajj pilgrimage brings together several million people every year over just a few days. Rising, it is likely that this number will reach 10 million visitors per year in a few years. In addition to pilgrimages, the events likely to gather a large crowd are for example sporting events (e.g. world cup or Olympic games) or cultural events (e.g. Universal Exposition). For example, for the 2024 Olympic Games in France, the number of spectators expected on average during the Olympic fortnight is estimated at more than three million, including 500,000 foreign visitors.

The presence of a large number of people participating in mass gatherings generally causes disruption and participants may not be able to [0576-BULL22] even to fully benefit from the experience. The causes of these inconveniences can be very diverse but are often linked to the quantity of participants that it is necessary to control, via identity verification procedures (including for example the taking of fingerprints) often long, or difficulties in planning and respecting these plans (eg non-compliance with timetables). For mass gatherings of several million people, this becomes a real challenge at airports and other entry points, but also at the accommodation level. Participants can then experience nuisance up to the periphery of the gathering, for example in terms of housing, health services or even slowdowns associated with the heavy congestion of the road network due to the simultaneous convergence of large groups of participants at road junctions .

The associated difficulties are mainly caused on the one hand by the quantity of people wishing to attend this event and on the other hand by the fact that the information handled is highly sensitive and requires an extremely rigorous review. Thus, the authorities in charge of managing large gatherings, responsible for managing and accompanying the participants, are faced with a difficult task since a single error in an identity check can lead to serious risks for the whole community. that too long a procedure may cause unacceptable nuisance for the participants. In particular, identity control became a major problem during the great pilgrimage to Mecca (Hajj), with an increasing number of pilgrims and the occurrence of congestion or movement of crowds which could be sources of accidents. In addition, it is possible that the participant may lose some of his identity documents, such as passport, residence permit and national identity card. This happens in particular, on the Hajj pilgrimage requiring the wearing of the special fabric of the Ihram. With lost passports, the return of participants to their country of origin is delayed, which imposes an additional burden not only on participants but also on national authorities. Likewise, in the event of an accident, the presence of personal data which health authorities can easily and securely access could make it easier to care for patients.

Generally, the techniques most used for identity management are techniques associated with entry and exit checks. However, such control is not suitable for all gatherings and some gatherings require reducing the control time while maintaining a high level of security. Automated methods for managing participants have been proposed. For example, a method based on the use of a passive RFID tag for identifying pilgrims in holy areas during Hajj has been proposed. In this technology, upon presentation of the label to a portable reader, all information relating to the pilgrim in possession of the label will be [0576-BULL22] displayed on the screen of the reader. However, the proposed technology does not have data security and centralized exchange management.

[0007] Thus, there is a difficulty in effectively managing personal data and there is no robust and secure solution allowing, within the framework of a mass gathering, to quickly ascertain the identity of a participant. Indeed, a participant's device can be modified or exchanged without this being identified by the authority in charge of managing the mass gathering. However, this indecision slows down the democratization of automated solutions and maintains the existence of heavy congestion due to the convergence of large groups of pilgrims, particularly in Haram during the Hajj period.

There is therefore a need for a method, a device or a system making it possible to improve the conditions of participation in large gatherings and in particular to reduce the hours of waiting that may occur at different times of the event while ensuring a reliability and security of the data handled.

[Technical problem!

The invention therefore aims to remedy the drawbacks of the prior art. In particular, the object of the invention is to propose a device for managing personal data within the framework of a mass gathering, said device making it possible to improve the management of personal security and to allow the fight against fraud during said gathering.

The invention further aims to provide a personal data management system in the context of a mass gathering, hosting at least several thousand people, on a gathering place, said system can be used for verify the identity of people, offer them value-added services, in particular as part of their trip planning, and finally assist them in any discussions with health authorities.

[0576-BULL22] [Brief description of the inventionl [0011] To this end, the invention relates to a personal electronic bracelet for the management of personal data of a participant in a mass gathering comprising:

- a communication module capable of receiving personal data from the participant in encrypted form,

- a storage module capable of storing the participant's encrypted personal data and

- an electronic closing mechanism configured to change state following the reception of a state change data.

Thus, the invention relates to a bracelet having the advantage of being able to reduce the duration of identity verification procedures while retaining a high level of requirement in terms of data security. It also makes it possible to compensate for the difficulty in identifying certain pilgrims and to overcome the language barrier.

Such a system is particularly useful in the context of the management of gatherings such as the small and large pilgrimage to Mecca, in particular via better management of the personal data of the participants.

The presence of personal data in encrypted form allows control of the dissemination of data while making them accessible to authorized entities even in the event of communication disruption. The electronic closing mechanism changing state following the reception of data prevents manual opening and accidental or intentional loss of the bracelet.

According to other optional characteristics of the bracelet:

- the state change data is biometric data associated with an operator responsible for said participant. Preferably, the biometric data is an imprint. Thus, the bracelet can only be locked and unlocked by the operator responsible for the participant. This enables the security requirements of such devices containing sensitive information and being used for identity checks to be met.

- the participant's personal data includes: identity data, travel data and health data.

- the communication module is able to communicate with a third-party device and is configured to allow access, by said third-party device, to only part of the participant's personal data. For example, the data is encrypted so that [0576-BULL22] so that the third party device can decrypt, even with the appropriate decryption key, only a part of personal data.

- it is configured to send, via a communication module, a message to an operator responsible for said participant if it were to be opened by force.

The invention further relates to a personal data management system in the context of a mass gathering, said management system comprising a personal electronic bracelet according to the invention and a secure platform, said secure platform comprising a personal data module, configured to store personal data of the participant.

According to other optional features of the system:

- it also includes at least one third-party device configured to access only part of the participant's personal data. For example, the third party device can be configured to transmit an identifier to the personal electronic bracelet, to receive all or part of the participant's personal data in encrypted form and to decrypt only part of the participant's personal data.

- at least one of the third-party devices is able to access personal data comprising a visa number, to compare the visa number with a predetermined list and to generate an alert instruction based on said comparison. Thanks to this, the system according to the invention allows a quick and secure identity check and can lead to a reduction in waiting times, for example at airports during mass gatherings. Such a third-party device can for example take the form of a security portal that can be used in an airport. Thus, upon the arrival of a participant, the portal will be able to access numerous personal identity data such as last name, first name, biometric data of the participant and arrival airport, and including a visa number. The predetermined list may include other information which can be compared with advantageously the arrival airport. The predetermined list may for example have been sent by the authority server. The alert instruction preferably makes it possible to generate an audio or visual signal. It can, for example, consist of an instruction configured to light an indicator, activate a loudspeaker or send a message to an electronic device. The alert makes it possible to prevent access to a zone to an apparently unauthorized participant.

[0576-BULL22]

- at least one third-party device is a third-party vehicle access control device configured for:

- access part of the participant's personal data,

- check the part of the participant's personal data, then

- record personal data of the participant if the participant is authorized to enter said vehicle.

The vehicle may preferably be a public transport vehicle. In addition, the data can be checked, for example, by comparing this data to a list of participants authorized to get into the vehicle.

- the secure platform includes an analysis module configured to:

- receive an alert message from a personal electronic bracelet, load a geographical position from the personal electronic bracelet, load distribution data of the participants and determine an area with a high probability of risk of crowd movement from the loaded data;

- receive an alert message from a personal electronic bracelet of a participant, load a geographic position of the personal electronic bracelet, load distribution data of the participants and generate proposals for optimal routes for the delivery of care and evacuation of the participant wearing the bracelet.

Advantageously, these analyzes can then be processed by representation applications so as to highlight the relevant information (“heat maps” type format. Thus, the analysis module is able to generate statistical data allowing improve the safety of the participants. This analyzed data can also be saved in the form of files on a memory.

- the secure platform includes a planning and access control module configured to correlate distribution information of the participants in the mass gathering, visit planning information and positioning information of the personal electronic bracelet so as to generate access authorizations to areas for the wearer of said bracelet.

- the planning and access control module is configured to:

- receive a request for authorization to access a zone by the personal electronic bracelet, load visit planning data for the wearer of said bracelet and transmit an authorization for access to the personal electronic bracelet or to a third-party device depending on the schedule and visit planning data. Thus, [0576-BULL22] the wearer may be prohibited from entering an area if authorized access times for the wearer of the personal electronic bracelet are not respected, identify the position of the personal electronic bracelet, load data from visit planning for the wearer of said bracelet and transmitting a message to the personal electronic bracelet as a function of the time, the position of the bracelet and visit planning data; Thus, the wearer will be able to receive a reminder of the zone exit schedule or a request for immediate exit from the zone if the visit schedule is exceeded;

load distribution data of participants, load a geographical position of the personal electronic bracelet and determine a planning of visits according to the loaded data; and / or transmit to a server, or to a third-party device, personal data of a participant who has exceeded the time allotted in an area. Thus, the authorities and the responsible organizer will be able to make a violation of the participant.

The invention further relates to a method of managing personal data in the context of a mass gathering, said personal data being recorded on a personal electronic bracelet according to the invention, said method comprising a step of configuring the personal electronic bracelet including the following steps:

- configuration of the closing mechanism so that it is able to change state following the reception of a state change data.

- recording of encrypted personal data on the storage module, and

- configuration of the communication module so that it is able to transmit part of the encrypted personal data following the reception of identification data from an authorized third-party device.

The invention further relates to a method of managing personal data in the context of a mass gathering, said personal data being recorded on a personal electronic bracelet according to the invention, said method comprising a step of configuring a device. third party including the following steps:

- creation of a unique identification key, capable of allowing access by a third party device to a personal electronic bracelet,

- creation of a decryption key for encrypted personal data, capable of decrypting only part of the personal data of the personal electronic bracelet, and

- registration of the unique identification key and the decryption key on a third-party device.

Thus, the personal electronic bracelet will only transmit personal data to a third-party device that has sent the expected key, said expected key being preferably different for each personal device.

Other advantages and characteristics of the invention will appear on reading the following description given by way of illustrative and nonlimiting example, with reference to the appended figures which represent:

• Figure 1, a schematic representation of the personal electronic bracelet for managing personal data according to the invention.

• Figure 2, a schematic representation of the personal data management system according to the invention, • Figure 3, a schematic representation of a step of configuring the personal electronic bracelet for managing personal data according to an embodiment of the invention , • Figure 4, a schematic representation of a step of configuring third-party devices according to an embodiment of the invention, • Figure 5, a schematic representation of a step of accessing the personal data of an electronic bracelet in within the framework of an embodiment of the invention, [Description of the invention] In the following description, the term "geographic location" means a place that can be defined by its area, consisting of outdoor areas and / or indoor areas.

The term "mass gathering" according to the invention corresponds to a planned or spontaneous event, preferably planned, which will attract a number of participants likely to significantly request resources for planning and action of [0576 -BULL22] administrators or from the host country. The Olympic Games, Hajj and other major sporting, religious or cultural events are examples.

The term "distribution" refers, according to the invention, to a quantity or a movement of people. The quantity can be expressed according to several dimensions such as by a density (eg person / m ² ), a total number (eg in hundred of person), a percentage (eg number of person / capacity of the area). The movement corresponds to a quantity entering and leaving the geographic location or part of the geographic location. Thus, the “distribution data” according to the invention corresponds to one or more values.

By "parameter" is meant in the sense of the invention a value obtained by transforming raw data and which can then be used within a model. This applies in particular to the transformation of a series of image from a video or to the transformation of a series of values obtained via a network sensor.

By "model" or "rule" or "algorithm" is meant within the meaning of the invention a finite series of operations or instructions for calculating a value by means of a classification or a partitioning of data within previously defined groups Y and to assign a score or to prioritize one or more data within a classification. The implementation of this finite sequence of operations makes it possible for example to assign a label Y to an observation described by a set of characteristics or parameters X thanks for example to the implementation of a function f capable of reproducing Y having observed X.

Y = f (X) + e where e symbolizes the noise or measurement error By “supervised learning method”, we mean within the meaning of the invention a method making it possible to define a function f from a base of n labeled observations (Xi ... n, Yi ... n) where Y = f (X) + e. "Unsupervised learning method" means a method of prioritizing data or dividing a set of data into different homogeneous groups, homogeneous groups sharing common characteristics, without labeling observations.

By “maintenance” or “maintenance action”, we mean, within the meaning of the invention, an activity aimed at repairing, recharging, cleaning or replacing an installation. By "installation" is meant in the sense of the invention a building, a room, a dwelling but also an equipment (e.g. water dispenser, furniture). "Maintenance resources" means [0576-BULL22] people, also called "maintenance agent" qualified to carry out maintenance actions or devices that may be necessary for carrying out maintenance actions.

The term “process”, “calculate”, “determine”, “display”, “extract” “compare” or more broadly “executable operation”, within the meaning of the invention, an action performed by a device or a processor unless the context indicates otherwise. In this regard, operations relate to actions and / or processes of a data processing system, for example a computer system or an electronic computing device, which manipulates and transforms the data represented as physical quantities (electronic ) in the memories of the computer system or other devices for storing, transmitting or displaying information. These operations can be based on applications or software.

The terms or expressions "application", "software", "program code", and "executable code" mean any expression, code or notation, of a set of instructions intended to cause data processing to perform a particular function directly or indirectly (eg after a conversion operation to another code). Examples of program code may include, but are not limited to, a subroutine, function, executable application, source code, object code, library, and / or any other sequence of instructions designed for execution on a computer system.

By "processor" is meant, within the meaning of the invention, at least one hardware circuit configured to execute operations according to instructions contained in a code. The hardware circuit can be an integrated circuit. Examples of a processor include, but are not limited to, a central processing unit, a graphics processor, an application specific integrated circuit (ASIC) and a programmable logic circuit.

By "coupled", in the sense of the invention, connected, directly or indirectly with one or more intermediate elements. Two elements can be coupled mechanically, electrically or linked by a communication channel.

In the following description, the same references are used to designate the same elements.

The invention relates to a device, system or method for facilitating the management of personal data in the context of a mass gathering. The events likely to gather the greatest number of people are often pilgrimages, sporting events or cultural events. The present invention, although [0576-BULL22] that applicable to numerous mass gatherings, will be illustrated more particularly in the context of a pilgrimage to Mecca, for example during the great pilgrimage or the small pilgrimage. Indeed, the pilgrimage to Mecca represents around five million visitors each year to the cities of Mecca and Medina in Saudi Arabia. These visitors find themselves in particular during the annual Hajj ritual which is performed on a precise number of days in the month of Dhul-Hijja of each lunar year, more particularly during the first 12 days. In 2017, the first day of the Dhul-Hijja month of the lunar year 1437 was August 23, 2017.

The Hajj pilgrimage extends over a geographic location corresponding to Mecca, more than 1000 km ² . During this pilgrimage, the participants in Hajj, also called Hadjis, will pray five times a day in the same gathering places and will perform the same worship actions as explained. They will for example have to do seven rounds around the Kaaba, do seven times the walk between Safâ and Marwah, drink at the source Zamzam then go to a place called "Mina" 4 km from Mecca and do the prayers of in the afternoon (asr), in the evening (maghreb and icha) and in the morning (fajr). They will also have to go towards the Arafat mountain and do the midday and afternoon prayers there then go to “Muzdalifah” to do the evening prayers. The next day, the pilgrim returns to Mîna to perform the prescribed rites, a journey of approximately 17km (outward and return). In addition, pilgrims generally visit the Mosque of the Prophet Mohamed (PSSL), Al-Masjid an-Nabawï, Medina.

Thus, with several million pilgrims traversing this territory over a very short period, the administrations in charge of the management of the gathering and more particularly the control of the participants are subjected to strong pressure. In fact, the management of such an event represents an exceptional issue, particularly with regard to the management of participants' personal data and more particularly in the context of fraud prevention, the management of medical emergencies or more generally the improvement of the pilgrim's experience.

As shown in Figure 1, the invention relates in a first aspect to a personal electronic bracelet 40 for example associated with a participant in a mass gathering and an operator responsible for said participant. This mass gathering can accommodate for example at least several thousand people, preferably more than 100,000 people, more preferably more than a million people.

The operator responsible for the participant is generally the person, employee of a company organizing the travel of the participant, who will be in charge of the participant during the mass gathering. It is for example the organizing company which will have planned the [0576-BULL22] presence at the mass rally of the participant. This includes, for example, the administrative procedures for obtaining visas, purchasing transport tickets, renting accommodation, possible registration for the meeting and / or planning any visits.

The personal electronic bracelet 40 includes an electronic closing mechanism 43 configured to change state following the reception of a state change data, preferably from the operator responsible for said participant. The change of state corresponds to the opening or closing of the electronic closing mechanism.

Advantageously, the change of state data of the responsible operator is biometric data, preferably data relating to the imprint of the responsible operator. In this case, the bracelet may include a fingerprint reader. The fingerprint reader can in particular be configured to read a fingerprint, generate a data for reading a fingerprint and then check the agreement between the data for reading the fingerprint and a data item relating to the fingerprint of the responsible operator recorded on bracelet 40.

The personal electronic bracelet 40 also includes a storage module 42 capable of storing the participant's personal data in encrypted form.

The participant's personal data may for example include: identity data, travel data and health data. For example, this storage module 42 is more particularly capable of recording:

- identity data corresponding for example to name, address, passport number, visa number, dates of residence authorization;

- travel data corresponding for example to the name of the hotel booked, its address, reservation dates, and

- health data corresponding, for example, to data essential for emergency medical treatment such as blood group, rhesus, important medical history and allergies.

For this, the storage module 42 may include a transient memory and / or a non-transient memory. The non-transient memory can be a medium such as a CDrom, a memory card, or a hard disk, for example hosted by a remote server.

As has been said, the storage module 42 is configured to include encrypted data. The invention has the particularity of securing the participant's personal data and making it highly accessible, but only to authorized entities.

Thus, personal data is recorded on the personal bracelet in encrypted form [0576-BULL22]. Furthermore, even an authorized third party may have restricted access and will not be able to access all of the information. Personal data can for example be compartmentalized so that all information is not accessible to an authorized third party. For example, a border control authority in a country will not need to know the participant’s medical information. Likewise, a doctor may not be authorized to access personal information associated for example with the participant's visa to be treated. However, he will be able to access all of the medical file information contained in the personal bracelet using the third party device. Personal data is recorded on the personal bracelet can for example be encrypted according to a symmetric or asymmetrical encryption algorithm such as for example an algorithm selected from the following encryption algorithms: RSA, DSA ("Digital Signature Algorithm >>), DES (" Data Encryption Standard ”), triple DES, AES (“ Advanced Encryption Standard >>).

In addition, the personal electronic bracelet 40 may include a communication module 41 for example capable of communicating with a device, a platform or a computer system. Thanks to this communication module 41, the bracelet 40 is able to communicate with various communicating electronic devices such as for example the organizing server, the secure platform 100, and the third-party devices 51. The communication module 180 is configured to receive and transmit information to remote systems such as sensors, tablets, phones, computers or servers. The communication module allows data to be transmitted over at least one communication network and can include wired or wireless communication. Preferably, the communication is carried out via a wireless protocol such as wifi, 3G, 4G, and / or Bluetooth. These data exchanges can take the form of sending and receiving files, preferably encrypted and associated with a specific receiver key. The communication module 41 is also able to allow communication between the bracelet 40 and a remote terminal, including a client. The customer is generally, any hardware and / or software likely to access the bracelet 40 and allowing for example its configuration or the consultation of personal data.

In addition, the bracelet 40 according to the invention may include a processor and a display module 49 allowing it for example to display personalized alert messages. It can also comprise a geolocation chip 44 of GNSS type (including GPS), an accelerometer 45, and a GSM communication chip 46 associated with a SIM card 47 preferably being fixed in a non-removable manner to the device (eg welded) and comprising a [4876-BULL22] memory 48 preferably encrypted. This encrypted memory 48 can in particular be used for the storage of personal data and thus constitute the storage module 42.

The bracelet 40 according to the invention may also include an actuator configured to, after its activation, send an alert message to the operator responsible for the participant and / send an alert message to the emergency services. In addition, these messages can be accompanied by identification data of the participant wearing the bracelet and also by position data of the participant wearing the bracelet.

As shown in Figure 2, the invention also relates in a second aspect to a system 1 for managing personal data in the context of a mass gathering, said management system 1 comprising the electronic bracelet 40 according to the invention and a secure platform 100. This secure platform 100 is more particularly in charge of information processing, planning and generation of instructions, in particular intended for the electronic bracelet 40.

The secure platform 100 of the system 1 according to the invention comprises a personal data module 110, configured to store personal data of the participant and possibly personal data of the responsible operator.

The secure platform 100 of the system 1 according to the invention includes an encryption module 120, configured to implement an encryption step on personal data and more broadly on all data managed by the secure platform and to be protected. The data can for example be encrypted according to a symmetric or asymmetric encryption algorithm such as for example an algorithm selected from the following encryption algorithms: RSA, DSA (“Digital Signature Algorithm”), DES (“Data Encryption Standard”), triple DES , AES ("Advanced Encryption Standard").

Data, such as personal data, is preferably encrypted according to a symmetric block encryption algorithm. Block encryption consists of cutting the data to be encrypted into successive blocks, the size of which (in bits) depends on the chosen algorithm, for example in blocks of 128 bits each, and successively encrypting each block in particular in the initial order to obtain corresponding encrypted blocks of 128 bits each for example. In addition, in block chaining mode (CBC type, for “Cipher Block Chaining” in English terminology), the previous encrypted block is used to encrypt the next block. Symmetric block cipher algorithms include AES, DES, algorithms according to ISO / IEC 18033-3, Camellia, HIGHT, Blowfish, Serpent or Twofish.25 algorithms.

The secure platform 100 of the system 1 according to the invention comprises a module for preparing personal data 130, configured to check the completeness of the personal data and if necessary standardize them. The personal data preparation module 130 can also be configured to anonymize the personal data once the electronic bracelets 40 and the third-party devices 51 have been configured. The personal data preparation module 130 can also be configured to initiate a procedure for anonymizing personal data in the event of an attack detected on the secure platform 100.

The secure platform 100 of the system 1 according to the invention comprises a data analysis module 140. This data analysis module 140 is notably configured to generate analyzed data from data coming from the personal electronic bracelet 40 but also coming from other devices such as advantageously, a device for calculating the distribution of participants on the geographic site of the mass gathering.

The secure platform 100 of the system 1 according to the invention comprises a recording module 150. It can include a transient memory and / or a non-transient memory. The non-transient memory can be a medium such as a CDrom, a memory card, or a hard disk, for example hosted by a remote server.

As has been said, in addition to managing the personal data of the participant in the mass gathering, the system according to the invention can also, on the basis of previously recorded prior data, create models making it possible to anticipate a risk situation and avoid its occurrence. For this, the secure platform 100 can also include a learning module 160.

The learning module 160 is able to implement algorithms based on supervised or unsupervised learning methods. Thus, advantageously, the secure platform 100 is configured to implement the input data in one or more algorithms, preferably previously calibrated. These algorithms can have different versions depending on the time of a gathering period. For example, in the context of the pilgrimage, three periods can be taken into account: the Hajj or great pilgrimage, the small pilgrimage and the rest of the year. This refines the predictions from the models. These algorithms may have been constructed from different learning models, including partitioning, supervised or not [0576-BULL22] supervised. An unsupervised learning algorithm can for example be selected from an unsupervised Gaussian mixture model, an ascending hierarchical classification (Hierarchical clustering Agglomerative in Anglo-Saxon terminology), a descending hierarchical classification (Hierarchical clustering divisive in AngloSaxonne terminology). Alternatively, the algorithm is based on a supervised statistical learning model configured so as to minimize a risk of the scheduling rule and thus making it possible to obtain more efficient prediction rules. In this case, the determination and estimation calculation steps can be based on a model, trained on a data set and configured to predict a label. For example, for calibration purposes, it is possible to use a data set representative of a situation whose label is known, for example the number of participants in an area counted manually. The data set can also include multiple labels. The algorithm can result from the use of a supervised statistical learning model selected for example from kernel methods (eg Large Margin Separators - Support Vector Machines SVM, Kernel Ridge Regression) described for example in Burges, 1998 (Data Mining and Knowledge Discovery. A Tutorial on Support Vector Machines for Pattern Recognition), set methods (eg decision trees) described for example in Brieman, 2001 (Machine Learning. Random Forests), FP-Growth, Apriori, hierarchical partitioning, k-mean partitioning, decision trees, logical regression or the neural networks described for example in Rosenblatt, 1958 (The perceptron: a probabilistic model for information storage and organization in the brain).

The secure platform 100 of the system 1 according to the invention comprises a supervision module 170.

The secure platform 100 of the system 1 according to the invention comprises a communication module 180. Thanks to this communication module 180, the secure platform 100 is able to communicate with a plurality of devices or systems involved in data management information of a participant in the mass rally. These devices or systems can for example be selected from: portable data readers, control gates, vehicles. Thus, the communication module 180 is configured to receive and transmit information to remote systems such as sensors, tablets, telephones, computers or servers. The communication module 180 makes it possible to transmit the data over at least one communication network and can include wired or wireless communication. Preferably, the communication is carried out via a wireless protocol such as wifi, 3G, 4G, and / or Bluetooth. These data exchanges [0576-BULL22] can take the form of sending and receiving files, preferably encrypted and associated with a specific receiver key. In addition, the secure platform 100, via its communication module 180, is able to communicate directly with the communication module 41 of the personal electronic bracelet 40 is able to communicate with.

During mass gatherings and especially during the Hajj pilgrimage, there may be heavy congestion due to the convergence of large groups of pilgrims at road junctions or on pilgrimage sites. This is partly due to non-compliance with timetables. Thus, the secure platform 100 of the system 1 according to the invention advantageously includes a planning and access control module 190. This module makes it possible, for example, to correlate distribution information of the participants in the mass gathering, with planning information. of visit and positioning information of the personal electronic bracelet 40 so as to generate the access authorizations of certain zones to the wearer of said bracelet 40.

The different modules of the bracelet or of the secure platform 100 are shown separately in Figures 1 and 2 but the invention can provide various types of arrangement such as a single module combining all the functions described here . Likewise, these means can be divided into several electronic cards or else combined on a single electronic card. In addition, when an action is lent to a device or module, it is in fact carried out by a microprocessor of the device or module controlled by instruction codes stored in a memory. Likewise, if an action is lent to an application, it is in fact carried out by a microprocessor of the device in a memory in which the instruction codes corresponding to the application are recorded. When a device or module sends or receives a message, this message is sent or received by a communication interface.

In addition, the bracelet and the system according to the invention may include one or more human-machine interfaces. The human-machine interface, within the meaning of the invention, corresponds to any element allowing a human being to communicate with a particular computer and without this list being exhaustive, a keyboard and means allowing in response to the orders entered at the keyboard to display and optionally select with the mouse or a touchpad items displayed on the screen. Another exemplary embodiment is a touch screen making it possible to select directly on the screen the elements touched by the finger or an object and possibly with the possibility of displaying a virtual keyboard.

The management system 1 according to the invention comprises, or is associated with, an organizing server 10. The organizing server corresponds for example to the server of the entity taking care of the organization of the presence of the mass gathering participant.

The management system 1 according to the invention comprises, or is associated with, an authority server 20. The authority server corresponds for example to the server of the entity responsible for the administration of the mass gathering and in particular of the management of presence authorizations. Preferably, the exchanges between the secure platform 100 and the authority server 20 are secure (encrypted) exchanges.

The management system 1 according to the invention comprises, or is associated with, a third-party server 50. The third-party server corresponds, for example, to the server of a third-party entity (hospitals, security agency, hotels, government organization) including access to personal data is desired. The management system 1 according to the invention comprises, or is associated with, a third-party device 51. The third-party device 51 can for example be a reader, a sensor, a tablet, a telephone or a computer. The third-party device 50 is able to transmit an identifier or an identification key to the personal electronic bracelet 40, to receive personal data from the participant in encrypted form and to decrypt only part of the personal data of the participant. The third party device may receive all of the participant's personal data or only part of the participant's data. On the other hand, the third party device will only be able to access part of the personal data, said part being dependent on its identification key.

The decryption of part of the personal data can be carried out at the level of the third-party device 51. For example, on reception of the encrypted data, the application embedded on the third-party device 51 restores the raw textual data from the message received , involving integrity and authenticity checks using a message authentication code and then decryption of the encrypted data. Alternatively, the decryption can be carried out at the level of the personal electronic bracelet 40 before sending.

During mass gatherings, certain individuals seek to attend these gatherings without having completed the required formalities or without wishing to reveal their identity. To overcome this, the organizers generally set up verification procedures taking into account, on the one hand, the identity of the people and, on the other, by the authorizations acquired. In this context, vehicles, in particular public transport vehicles, are a place of choice for hiding unregistered participants and they are also a source of slowing down during controls.

[0576-BULL22] Thus, to avoid such fraud and slowdowns, the third-party device can be a third-party device for controlling access to a vehicle 60, preferably a public transport vehicle. Such a device can, for example, be positioned at the entrance to a vehicle and will be configured to: access part of the participant's personal data, control it, for example, by comparing this data to a list of participants authorized to get into said vehicle, then record personal data of the participant who entered the vehicle.

The vehicle equipped with the third-party access control device 60 to a vehicle may, during control steps, transmit, for example to a vehicle control device, a list of passenger-participants of this vehicle with part of their personal data. The verification will then be much faster.

In this context, spot checks may be implemented and the learning module may, with regard to the control results, establish a vehicle control model allowing, depending on the behavior of the vehicle, to predict a risk of fraud.

The invention also relates to a step 200 of configuration of the personal electronic bracelet 40 according to the invention.

This configuration can notably include the following steps:

- Configuration of the electronic closing mechanism 43 so that it is able to change state following the reception of a predetermined state change data. Recording of encrypted personal data on the storage module 42, and

- Configuration of the communication module 41 so that it is able to transmit part of the encrypted personal data is activated following the reception of an identification data from an authorized third-party device 51.

In the context of mass gathering, it is likely that participants come from different countries and do not share the same language or the same culture. Thus, the method of configuring the bracelet may include a prior step of loading personal data and processing this personal data.

The processing of personal data, before encryption, may for example include a step of formalizing the data so as to make it intelligible by third party entities which will consult this personal data.

An embodiment of this configuration is presented in FIG. 3. FIG. 3 is a diagram illustrating the exchanges between the various elements of the system according to the invention described above in the context of the configuration of a personal electronic bracelet 40. FIG. 3 refers in particular to the secure platform 100, to the organizing server 10, to the authority server 20 and to the personal electronic bracelet 40.

In a first step 201, the organizing server 10 transmits to the secure platform 100 personal data of a participant. During this step, the organizing server 10 can also transmit data on the person in charge who will be in charge of the participants during the mass gathering. When the secure platform 100 receives this data, it can carry out a first processing 210 so as to verify compliance and the completeness of the data sent. It can also at this time modify the personal data to make it correspond to a standard required by the authority server 20.

Then, the secure platform 100 transmits 211 at least part of this personal data from the participant to the authority server 20. The secure platform 100 can send all of the personal data received or send only part of it. Preferably, it only sends part of the personal data received. During this step, the secure platform 100 can also transmit data on the person in charge who will be in charge of the participants during the mass gathering.

When the authority server 20 receives this data, it can launch a verification 220 of the data received as well as a validation procedure 230 of the registration of the participant in the mass gathering.

If a conflict is detected (NOK), then the authority server 20 transmits a refusal to the secure platform 100 during a step 231. Otherwise (OK) a step 240 is implemented to establish a transaction request which will configure third-party devices.

During a step 241, the transaction request as well as the validation of the participant's participation is transmitted to the secure platform 100. The transaction request can in particular include identifiers for third-party devices 51 which will be able to access to the data stored on the personal electronic bracelet 40.

When the secure platform 100 receives this data, it can inform the organizer, for example via a step 242 of transmitting data to the organizing server. It also initiates a step 250 of data preparation. The preparation 250 of the data on the secure platform 100 can in particular include:

Encryption of personal data [0576-BULL22]

- The recording of encrypted personal data on the secure platform

- The association of personal data with organizer data

- The association of personal data with third party data

- The association of personal data with access conditions, and / or

- The association of personal data with conditions for unlocking the person device. The details on the configuration of the third party devices 51 will be given during the description of FIG. 4.

After transmission 251 of the encrypted personal data to the organizing server or to the personal electronic bracelet 40, the encrypted personal data are recorded 260 on the personal electronic bracelet 40. In addition, organizer data can also be recorded there in encryption or not.

During a step 270 of configuration of opening, which can also be prior to step 260, the bracelet is configured so that it can only be locked and unlocked when it receives the change data d 'state. Preferably, it is configured so that it can only be locked and unlocked when the device receives a signal corresponding to the fingerprint of the participant's manager.

During a step 280 of configuring access to the data, which can also be prior to steps 260 and 270, the bracelet is configured so that the personal data can only be accessed by third-party devices 51 corresponding to predetermined access keys.

In addition, the encryption of personal data is such that each third-party device 51 will only have access to part of the personal data contained in the bracelet.

The invention also relates to a configuration step 300 of a third-party device 51 capable of accessing part of the encrypted personal information recorded on the personal electronic bracelet 40 according to the invention. This configuration 300 of a third-party device 51 may notably include the following steps:

- Creation 310 of a unique identification key, capable of allowing access by a third party device 51 to a personal electronic bracelet 40. Thus, the personal electronic bracelet 40 will only transmit personal data to a third party device which will have sent the correct key, said key being different for each personal device.

[0576-BULL22]

Creation 320 of a decryption key for encrypted personal data, capable of decrypting only part of the personal data of the personal electronic bracelet 40.

Registration of the unique identification key and the decryption key on a third-party device 51.

Figure 4 is a diagram illustrating the exchanges between the various elements of the system according to the invention described above in the context of the configuration 300 of a third-party device 51. Figure 4 refers in particular to the platform secure 100, to the organizing server 10, to the authority server 20, to a third party server 50 and to a third party device 51.

In a first step 301, the authority server 20 transmits to the secure platform 100 a transaction request. This transaction request includes in particular personal data of a participant. Advantageously, the transaction request can be made for a plurality of personal bracelets. Indeed, an organizer will be in charge of organizing the participation of several people in the mass rally. Thus, the authoritative server has the possibility of sending a transaction request for all the people who have been authorized to participate in the event. Thus, the transaction request includes personal data of at least one participant. This personal data relates in particular to the identity of the participant.

In addition, the transaction request includes data relating to third-party devices 51 or to third-party organizations which will be authorized to access part of the information contained in the personal electronic bracelet 40. The transaction request may more particularly include a list third party identifiers that can access the bracelet.

Once the transaction request has been received, the secure platform initiates a step 210 of preparing personal data. For example, the participant's personal data can be encrypted so that each third party listed in the transaction request can access part of this data, the extent of the data to which they can access depends on the key.

The method can also include a step 310 of creating a unique identification key between each third party and personal device so that the personal bracelet only transmits personal data to a third party device that has sent the good key, said key being different for each personal device. Thus, this step 310 advantageously comprises the construction of at least one key for each third party (ID _n ) having the authorization to access part of the data contained in the personal bracelet. These keys are transmitted, for example to a third-party device 51, during a step 311.

The method may also include a step 320 of creating keys (K _n ) for decrypting the encrypted data capable of decrypting part of the personal data of the bracelet. Then, the decryption keys are transmitted 321 to a third-party server 50 or directly to third-party devices 51. If the decryption keys are transmitted to a third-party server 50 then the latter sends 314 the keys to the third-party devices 51 and receives 315 a acknowledgment.

Once the keys and identifiers have been received, the third-party server or, where appropriate, the third-party device 51 sends the secure platform 100 a message acknowledging receipt of the data during a step 312, 322.

In a step 313, 323, the secure platform 100 having received an acknowledgment of receipt sends a report to the authority server taking stock of the data transmitted and establishing the end of the transaction for setting up third-party devices. This secure platform 100 is more particularly in charge of information processing, planning and generation of instructions, in particular intended for the electronic bracelet 40.

The invention also relates to a step of access 400 to the personal data of the participant by a third-party device 51. The personal data of the participant being encrypted and recorded on the personal electronic bracelet 40 according to the invention. This access 400 may include in particular the following steps:

- Creation 310 of a unique identification key, capable of allowing access by a third party device 51 to a personal electronic bracelet 40. Thus, the personal electronic bracelet 40 will only transmit personal data to a third party device which will have sent the correct key, said key being different for each personal device. Creation 320 of a decryption key for encrypted personal data, capable of decrypting only part of the personal data of the personal electronic bracelet 40.

- Registration of the unique identification key and the decryption key on a third-party device 51.

FIG. 5 is a diagram illustrating the exchanges between the various elements of the system according to the invention described above in the context of access 400 to personal data. FIG. 5 refers in particular to the personal electronic bracelet 40 and to a third-party device 51.

In a first step 401, the third-party device 51 transmits to the personal electronic bracelet a transaction request. This transaction request includes in particular a unique identification key (IDi) allowing the bracelet to recognize the third-party device 51 [0576-BULL22] as an authorized third-party device that can access part of the participant's personal data. Preferably, personal data is only transmitted to authorized third parties. Indeed, it is not desirable that any device can access the information contained in the personal electronic bracelet 40. Thus, preferably, the data is only transmitted on receipt 405 of an authorized identifier or a unique identification key.

Once the identifier has been verified 410 and approved (OK) the participant's personal data accessible by this third-party device 51 are prepared 420. In the event of unauthorized access by a third-party device, the bracelet can send a message of alert to the secure platform.

The personal data is then sent 421 to the third-party device 51. The data is then decrypted during a step 430 using a suitable decryption key.

Depending on the third-party devices and their authorization, the personal data accessible will be different. Thus, third-party devices dedicated to security agents will be able to access personal data such as Last name, first name, and contact details of the operator, while third-party devices dedicated to doctors will be able to access personal data such as Last name, First name , operator contact details and medical data. Finally, third-party devices dedicated to agents of a border control authority will be able to access all personal data relating to identity but will not be able to access medical data.

Thus, the invention improves the overall experience of a participant and in particular facilitates the verification of the identity of the participant, its transport and medical treatment, the fight against fraud and the planning of the gathering in taking into account the distribution of participants.

Claims (14)

1. Personal electronic bracelet (40) for managing personal data of a participant in a mass gathering comprising a communication module (41) capable of receiving personal data from the participant in encrypted form, a storage module (42) able to store the participant's encrypted personal data and an electronic closing mechanism (43) configured to change state following the reception of a state change data. 2. Bracelet according to claim 1, characterized in that the state change data is a biometric data associated with an operator responsible for said participant. 3. Bracelet according to one of claims 1 or 2, characterized in that the personal data of the participant includes: identity data, travel data and health data. 4. Bracelet according to any one of claims 1 to 3, characterized in that the communication module (41) is able to communicate with a third-party device (51) and is configured to allow access, by said third-party device (51 ), only part of the participant's personal data. 5. Bracelet according to any one of claims 1 to 4, characterized in that it is configured to send, via a communication module (41), a message to an operator responsible for said participant if it were to be opened by strength. 6. System (1) for managing personal data in the context of a mass gathering, said management system (1) comprising a personal electronic bracelet (40) according to one of claims 1 to 5 and a secure platform ( 100), said secure platform (100) comprising a personal data module (110), configured to store personal data of the participant. 7. Management system according to claim 6, characterized in that it further comprises a third party device (51) configured to access only part of the participant's personal data. 8. Management system according to claim 7, characterized in that at least one of the third-party devices (51) is able to access personal data comprising a visa number, to compare the visa number with a predetermined list and to generate an alert instruction based on said comparison. [0576-BULL22] 9. Management system according to one of claims 7 or 8, characterized in that at least one of the third-party devices (51) is a third-party access control device (60) for a vehicle configured for: - access part of the participant's personal data, - check the part of the participant's personal data, then - record the participant's personal data if the participant is authorized to enter the vehicle. 10. Management system according to any one of claims 6 to 9, characterized in that the secure platform (100) comprises an analysis module (140) configured for: - receive an alert message from a personal electronic bracelet (40) of a participant, load a geographical position of the personal electronic bracelet, load distribution data of the participants and determine an area with a high probability of risk of movement of crowd from loaded data; and or - receive an alert message from a personal electronic bracelet (40) of a participant, load a geographic position of the personal electronic bracelet (40), load distribution data of the participants and generate proposals for optimal routes for a routing of care and evacuation of the participant wearing the bracelet. 11. Management system according to any one of claims 6 to 10, characterized in that the secure platform (100) comprises a planning and access control module (190) configured to correlate distribution information of the participants in the mass gathering, visit planning information and positioning information of the personal electronic bracelet (40) so as to generate access authorizations to areas for the wearer of said bracelet (40). 12. Management system according to claim 11, characterized in that the planning and access control module (190) is configured for - receiving a request for authorization to access a zone by the personal electronic bracelet (40), loading visit planning data for the wearer of said bracelet (40) and transmitting an authorization to access the personal electronic bracelet (40 ) or to a third party device (51) according to the schedule and the visit planning data; - identifying the position of the personal electronic bracelet (40), loading visit planning data for the wearer of said bracelet (40) and transmitting to the personal electronic bracelet [0576-BULL22] (40) a message according to the schedule, bracelet position and visit planning data; - load distribution data of participants, load a geographic position of the personal electronic bracelet (40) and determine a planning of visits according to the loaded data; and or - transmit on a server, or on a third-party device (51), personal data of a participant who has exceeded the time allocated in an area. 13. A method of managing personal data in the context of a mass gathering, said personal data being recorded on a personal electronic bracelet (40) according to one of claims 1 to 5, said method comprising a step of configuring the bracelet personal electronics (40) comprising the following steps: - configuration of the electronic closing mechanism (43) so that it is able to change state following the reception of a state change data, - recording of encrypted personal data on the storage module (42), and - configuration of the communication module (41) so that it is capable of transmitting part of the encrypted personal data following the reception of an identification data from an authorized third-party device (51). 14. A method of managing personal data in the context of a mass gathering, said personal data being recorded on a personal electronic bracelet (40) according to one of claims 1 to 5, said method comprising a configuration step of a third-party device (51) comprising the following steps: - Creation (310) of a unique identification key, capable of allowing access to a third-party device (51) to a personal electronic bracelet (40), - Creation (320) of a decryption key of the encrypted personal data, capable of decrypting only part of the personal data of the personal electronic bracelet (40), and - registration of the unique identification key and the decryption key on a third-party device (51).